HP Integrity Servers with Microsoft Windows Server 2003 HP Integrity Essentials Intelligent Networking Pack User Guide HP Part Number: 5992-0904 Published: March 2007
Legal Notices © Copyright 2007 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Table of Contents 1 Introduction......................................................................................................................9 Overview.................................................................................................................................................9 Intelligent Networking Pack licenses....................................................................................................10 Different ways to install Intelligent Networking Pack licenses....
Configuring advanced networking features.........................................................................................50 Configuring discovery protocols..........................................................................................................
List of Figures 1-1 1-2 1-3 1-4 1-5 2-1 2-2 2-3 2-4 2-5 2-6 2-7 2-8 2-9 2-10 2-11 2-12 3-1 3-2 3-3 3-4 3-5 4-1 NCU tray icon ...............................................................................................................................11 NCU Main page.............................................................................................................................12 Virus Throttle tray icon ..........................................................................................
List of Tables 2-1 2-2 6-1 6-2 6-3 6-4 Command line arguments.............................................................................................................27 Return codes..................................................................................................................................28 Installing an Intelligent Networking Pack license........................................................................49 Using Virus Throttle.................................................
1 Introduction This document provides information about installing HP Integrity Essentials Intelligent Networking Pack licenses and configuring Intelligent Networking Pack features. Overview The HP Integrity Essentials Intelligent Networking Pack (INP) enables your servers to actively adapt to networking infrastructure problems, thereby improving server availability and network performance.
— — — Cisco Discovery Protocol (CDP) support: a media- and protocol-independent network protocol used to obtain protocol addresses of neighboring devices and discover the platform and other information about those devices. Link Layer Discover Protocol (LLDP) support: a media- and protocol-independent network protocol used to obtain protocol addresses of neighboring devices and discover the platform and other information about those devices.
and Virus Throttle require HP Integrity systems running Microsoft Windows Server 2003 64-bit Edition. Running License Manager from the Network Configuration Utility If you already have the NCU software (release 7.71 and higher) installed on your server, click the License Manager button on the NCU Main page to run the HP Integrity Essentials Network License Manager. If you do not have the NCU software installed on your server, install it as follows: 1. 2. 3. 4. 5. 6. 7.
Figure 1-2 NCU Main page 9. Click the License Manager button. The HP Integrity Essentials Network License Manager displays. For information on how to complete this screen, see the section, “Installing a license using the License Manager” (page 13). Running License Manager during a Virus Throttle installation When you install Virus Throttle, the utility first looks for a valid INP license on the system.
9. Intelligent Networking Pack License installed. Would you like to run the license manager and install one? Click Yes. The HP Integrity Essentials Network License Manager displays. For information on how to complete this screen, see the section, “Installing a license using the License Manager” (page 13). NOTE: After the INP license installs on the system, the Virus Throttle installation automatically continues. For additional information on Virus Throttle, see the next chapter.
3. 4. 5. Or, click the Install license keys from a file button. Then click the Open License Key File button and navigate to a valid keyfile (format = filename.key). Select the desired License Keys in the window and click Install to install them. A “License Addition Success” message appears, indicating success.
The VTLicense command validates an INP license first and then adds it to the system. It also displays information about licenses already installed on the system. This utility is installed automatically during installation of the Virus Throttle Utility. Command line usage is exactly the same as in Network License Adapter Utility (nalicense), which is described in the previous section. For information about how to use this utility, see the section, “Virus Throttle License Utility” (page 27).
2 Virus Throttle Viruses typically spread by connecting to as many different machines as possible. Virus Throttle, a network packet-filtering feature, monitors all outbound connection requests. Virus Throttle helps to stop the spread of viruses on your system by detecting abnormal or virus like behavior in the requests. It slows down excessive connection requests to new hosts until you can determine if they are viral in nature and take action.
Figure 2-1 Virus Throttle tray icon 9. During installation, if the utility does not identify a valid INP license on the system, you will see the following message: There is not a valid Integrity Essentials Intelligent Networking Pack License installed. Would you like to run the license manager and install one? 10. Click Yes. The Integrity Essential Intelligent Networking Pack License Manager displays.
When a new adapter is installed on the system or a new team or VLAN is created, the parameters for that interface are set to the default settings. When the Virus Throttle Status and Configuration Utility runs, it looks for inconsistencies in the settings for all the active instances, and prompts you to update these settings if inconsistencies are found.
Figure 2-5 Virus Throttle inconsistency message If you click Yes here, the utility closes and the inconsistent settings remain. If you click No, the Configuration Tab displays again so you can change your settings and save them. Configuring Virus Throttle parameters The Configuration tab shows the current delay queue and host settings, and lets you configure them for all active instances of the Virus Throttle filter driver.
• • • Restore Defaults: restores all values to their default values. OK: processes all changes made in the current session and closes the Virus Throttle Status and Configuration Utility. Cancel: cancels any selections made in the current session and closes the Virus Throttle Status and Configuration Utility. When you click OK to process your changes, the following message displays. Figure 2-6 Virus Throttle interruption message Click Yes here.
Figure 2-9 Virus Throttle Status tab 22 • Status: displays the current state and number of interfaces with virus-like activity since the Virus Throttle filter drivers were initialized. — No Virus-like activity is occurring: no virus-like activity is currently detected and none has been detected. — Virus-like activity is not occurring, but has occurred in the past: no virus-like activity is currently detected, but virus-like activity has been detected.
— — — — — — — — — — — • TCP Packets Dropped Due to Queue Overflow: number of TCP packets that were dropped due to the delay queue being full since filter driver initialization. Maximum TCP Packets on Queue: maximum number of TCP packets on the queue since filter driver initialization. Times TCP Virus-like Activity Seen: number of times virus-like activity was detected since TCP filter driver initialization.
1. 2. In the Windows Control Panel, double-click the Network Connections icon. In the Network Connections window, right-click on the desired LAN connection icon and select Properties from the drop-down list. The Local Area Connection Properties window displays. Figure 2-10 Local Area Connection Properties 3. 4. On the General tab, in the box labeled “This connection uses the following items”, click to clear the checkmark in front of the HP Virus Throttle Driver item.
NOTE: To unbind Virus Throttle from a specific network interface card (NIC) you must first identify the physical NIC. This means you have to know the hardware layout of your system. Once you've identified the physical NIC, you must determine the Network Connection associated with it and unbind Virus Throttle from that connection, as described previously. Re-binding Virus Throttle to a network connection To re-bind Virus Throttle to a network connection where it was previously unbound: 1. 2.
Status tab, look in the Information box to see a list of all network connections that Virus Throttle is currently bound to, and verify the connection name appears in the list (to see individual network connections on the Status tab, you must select the Individual setting under “Statistics Display Mode”). Removing network interface cards from a Virus Throttle system To remove a NIC from systems where Virus Throttle is installed: 1. 2.
5. 6. The removal process may take awhile, depending on the number of connections to which Virus Throttle was bound. When the process finishes you are prompted to reboot. Click Yes to continue. Removal is not complete until the system restarts. After the restart, verify that Virus Throttle was removed by navigating to the Local Area Connection Properties window again.
Table 2-1 Command line arguments (continued) Argument Function /help Displays utility usage (optional). /M Prints license information in a format capable of being parsed by machine (optional). Return codes The following return codes may display: Table 2-2 Return codes Code Description 0 Success. 1 Duplicate license exists. 2 Invalid Integrity Essentials Intelligent Networking Pack license. 3 Unrecognized Integrity Essentials Intelligent Networking Pack license. 4 Usage error.
Seats Used: 1 Days Permitted: Days Left: Unlimited Virus Throttle License Utility 29
3 Advanced Networking Features With an Intelligent Networking Pack license installed on your system, you can enable six additional team types and three advanced redundancy types. This chapter describes how to activate and configure these features. Advanced team types include: • Switch-assisted Dual Channel Network Fault Tolerance • Switch-assisted Dual Channel Network Fault Tolerance and Preference Order • 802.3ad Dynamic Dual Channel Network Fault Tolerance • 802.
in the primary team fail, a link to one of the adapters in the secondary, backup team automatically takes over. 802.3ad Dynamic Dual Channel NFT and Preference Order Provides the same options as 802.3ad Dynamic Dual Channel NFT except it offers the additional option of setting the priority order of the adapters that are used in the primary and secondary teams. Dual Channel Load Balancing Dual Channel Load Balancing allows the creation of two teams, called groups, inside of a single team.
Figure 3-1 Teaming Controls tab 3. 4. A unique character string identifying this team displays in the Team Name field. This name displays as the device name in the Network and Dial-up Connections page and on the NCU Main page. Select a Dual Channel team type from the Team Type Selection list. Dual Channel team type options include: • Switch-assisted Dual Channel Network Fault Tolerance • Switch-assisted Dual Channel Network Fault Tolerance and Preference Order • 802.
• • 6. Destination MAC Address: load balances transmit IP packets using the last four bits of the destination MAC Address. Round Robin: (Packet order not guaranteed.) load balances transmit packets among all team members. A packet is sent on one team member, the next packet is sent out on the next team member, and so on. When the last team member is utilized, the rotation begins again.
— — — — — — — — — — — — — — — — — — • 7. 8. Unknown — the team member's status could not be determined. Wire Fault — the member does not have a link. Not Joined — the member cannot be joined in the team because it has an incompatible setting. The most likely cause is changing a parameter for a team member using the local area connection property sheet. Degraded (Fast Path) — the team member and no other team members can receive Bridge Protocol Data Units (BPDUs).
Active Path Failover allows a ProLiant server to predict and bypass failed network paths through use of a user assigned echo node. An echo node is a device on the network with which connectivity is required. Periodically, each team member transmits an Address Resolution Protocol (ARP) request packet to the echo node. If a response is not received from the echo node within a set timeout period, the team member is marked as failed.
To configure Active Path Failover for a team: 1. 2. 3. On the NCU Main page, highlight the team. Click Properties. The Team Properties page appears, with the Teaming Controls tab active. Select the Advanced Redundancy tab. Figure 3-3 Advanced Redundancy tab 4. 5. Select the Active Path Failover option to enable it.
6. 7. In the Echo Node IP Address box type the IP address of the echo node. Click the Echo Node Probe Interval list and select the interval at which packets are transferred to the echo node. The default setting is 3 seconds. 8. (Optional) Type the MAC address of the echo node in the Echo Node MAC Address box. Providing an echo node MAC address allows the echo node packets to be unicast to the echo node. If no echo node MAC address is provided, the echo node packets are broadcast. 9.
4. 5. 6. 7. 8. Select the Router Path Failover option. These Router Redundancy Protocols (HSRP, VRRP) allow you to set up two or more routers into a single router group, which acts as a backup for a virtual router. Click the Router Protocol list and select the protocol type to monitor.
Figure 3-4 VLAN tab The VLAN tab shows all VLANs that currently exist for the team. The list includes both existing VLANs and new VLANs that have been created but that have not yet been applied. Newly created VLANs are applied using the OK button on the Main page. 3. To create a new VLAN, click Add. The VLAN Properties input box appears. Figure 3-5 VLAN Properties input box 4. 5. 40 Enter a user-defined VLAN name. Every VLAN must have a name assigned to it.
6. 7. 8. Click OK. The new VLAN is saved and the VLAN tab appears. The new VLAN you created appears in the list on the VLAN tab. Select from the following: • Default VLAN Id: displays the VLAN ID to which all packets received without a VLAN tag are sent. The default is the lowest VLAN ID defined for the team. • Receive Path Validation VLAN Id: allows you to select the VLAN on which Receive Path Validation Heartbeat Frames are transmitted.
4 Using discovery protocols This chapter describes how to configure and monitor the discovery protocols enabled by an Integrity Essentials Intelligent Networking Pack license. About Cisco Discovery Protocol and Link Layer Discovery Protocol CDP and LLDP are layer two, neighbor device discovery protocols that run on all networking devices such as routers, access servers, bridges, and switches.
Figure 4-1 Team Discovery Protocols tab 4. 5. 6. In the Discovery Protocol Settings group select Enable CDPv1, Enable CDPv2, or Enable LLDP to set the CDP version or LLDP for which to listen. Click OK to accept the settings and return to the NCU main window. Click OK on the NCU main window to apply the settings. Team Members are listed in order by Group ID and then by Team Member ID. Information about team members includes: • LAC — The name of the local area connection.
— — — — • • • Switch Host IGMP (Internet Group Management Protocol) Device Repeater VTP Management Domain — The system's VTP management domain name. This is used to verify VTP domain configuration in adjacent network nodes. Native VLAN ID — The VLAN for untagged packets on the interface. CDP or LLDP learns the native VLAN for an interface. This is implemented only for interfaces that support the IEEE 8021Q protocol. Duplex — Current duplex mode of the team member: Unknown, Half, or Full.
5 IGMP support Internet Group Management Protocol (IGMP) is used to register dynamic multicast group membership. It can register a router to receive specific multicast traffic. IGMP traffic is only be sent to those team members that are part of a multicast group. When a server runs an application that wants to join a multicast group, the join message is sent out to the aggregation and only those ports in the multicast group.
6 Troubleshooting This section provides possible solutions to problems that may occur during the configuration of Intelligent Networking Pack features. The following tables provide steps you should take before calling your service representative. • Installing an Intelligent Networking Pack license: contains troubleshooting information about installing an Intelligent Networking Pack license. • Using Virus Throttle: contains troubleshooting information about using Virus Throttle.
Configuring advanced networking features Table 6-3 Configuring advanced networking features Problem Possible Cause All members of the team currently have a yellow X with a status of “Active Path Failure” and the team is degraded (yellow team icon). Active Path Failure is a failure Verify the echo node device is on the condition of the Active Path Failover same IP subnet as the team. mechanism.
Table 6-3 Configuring advanced networking features (continued) Problem Possible Cause Possible Solution The Intelligent Networking Pack This may be expected behavior based license is installed but I cannot on the configured settings. enable Active Path Failover on the team. It is grayed out. Open the Network Configuration Utility (NCU) and check to see if the team contains a 10/100 network adapter (NC31xx series).
Table 6-3 Configuring advanced networking features (continued) Problem Possible Cause Possible Solution When using the Router Path The router protocol type or the router Ensure the Router Protocol setting is mechanism, all members in a team IP address may be set wrong. configured for the correct protocol and show a yellow X with a status of verify the Router IP Address entry. "Degraded (Router Path)"; however, all adapters are operating successfully.
Table 6-4 Configuring discovery protocols (continued) Problem Possible Cause Possible Solution CDP or LLDP is enabled and CDP or LLDP frames are being transmitted by the network device but they are not being received by the team. When CDP or LLDP is first enabled, Disable CDP or LLDP then re-enable it it may take 30 seconds to receive the and verify that the team registers the first CDP or LLDP frame. It is address.